22 Comments

Sony shouldn't really have been surprised in the reaction resulting from them going after the hacker community like a pitbull. First they remove other OS and then they go all uber litigious. They should have been better prepared but they're too big and too disconnected to get this stuff right. Too many little bits built by different agencies. Wasn't it a Ghostbusters marketing site that got last hit?

Arrest them, throw away the key. I understand hacking to show vulnerability but these guys are taking it way too far. It's become a game to them, a criminal game. Hope they can track these guys down and punish them.

The contrast between the attacks against the two companies to date is quite striking. Nintendo gets hacked, 1 server is involved, there's a press release and life goes on. Sony gets hacked, their entire online gaming customer database gets stolen (including credit card numbers and the personal details needed to abuse them), the system remains offline for weeks, it's a massive debacle.

While Sony and Microsoft have a streamlined online presence built into their consoles that it's difficult to get away from, Nintendo have always made their online features optional without as much streamlining. From a security point of view, Nintendo were never going to be anywhere near as badly affected by hacker attacks as the other two big players could have been, largely because they deliberately don't keep any customer data that's actually worth stealing. Whether this was astute foresight on Nintendo's part is debatable, but the easy conclusion to draw is that if you're going to build an online database of high-value data you need to secure it properly (no sh*t sherlock!).

MS would be the next logical target but compared to Nintendo and Sony they are a far more difficult prospect. They've been fending off attacks like this for years ever since it became obvious that defacing Microsoft's webpage would make any hacker who could pull it off a hacker's household name. So, unless the Xbox Live system ever suffers a similar fate to Sony's offering, this whole sequence of events could well stand as a textbook example on how to deal with online security. If you aren't experienced at it, don't keep anything lying around worth stealing!

Originally Posted by Guinevere
Sony shouldn't really have been surprised in the reaction resulting from them going after the hacker community like a pitbull. First they remove other OS and then they go all uber litigious.

First, Geohot releases a hack that needs OtherOS, then Sony removes Other OS functionality to try to stop the hack and finally thousands of Sony customers can't access PS3 online features because some hacker group decided to wreak havoc on Sony's operations.
The way some defend this kind of illegal activity is scary.

LulzSec Targets Elderly in the Wake of Latest Sony Hacks
...
In questionable judgment, LulzSec reportedly decided to comb through the record set from the Sony Pictures breach looking for elderly users who were born in the 1920s (81 or older), 1930s (71 or older), or 1940s (61 or older). They posted the information in a torrent that included names, home addresses, passwords, and e-mail addresses.

Password reuse is rife among even moderately internet-savvy young people today and among the majority of elderly users it's virtually a given. Thus it is not surprising that there have been reports of malicious users hacking users' other web accounts, committing malicious and possibly financially damaging mischief.

LulzSec remains unsympathetic for these attacks on the elderly, stating via Twitter:

I hear there's been some funny scamming with jacked Sony accounts. That's what you get for using the same password everywhere. Hey innocent people whose data we leaked: blame @Sony.

The data appears to be authentic -- the Associated Press has confirmed multiple users/addresses to be real. Some account information appears to be faked -- likely by users who didn't wish to enter their real data for the contest.

Originally Posted by Guinevere
Sony shouldn't really have been surprised in the reaction resulting from them going after the hacker community like a pitbull. First they remove other OS and then they go all uber litigious.

First, Geohot releases a hack that needs OtherOS, then Sony removes Other OS functionality to try to stop the hack and finally thousands of Sony customers can't access PS3 online features because some hacker group decided to wreak havoc on Sony's operations.
The way some defend this kind of illegal activity is scary.

Whilst I agree, it's just as scary that no-one seems to care about anything anymore.

I think what is getting forgotten is Sony wanted most of your personal details, basically like having a copy of all the details in your wallet. Then it basically left it in a closed but not locked place.

I think what is getting forgotten is Sony wanted most of your personal details, basically like having a copy of all the details in your wallet. Then it basically left it in a closed but not locked place.

I kind of liked the idea of them making fools out of sony, until I read that they published all the private information of old people that they had stolen. And then a lot of these old people got asshats stealing money from their accounts and stuff...

That's so horrible. I don't care how old these Lulz kiddies are now, I just want someone to track them down and get them in prison where they belong.

1) I'm bored, angry and frustrated by all these hacks causing nothing but disruption and grief to people who deserve to be able to get on with their gaming in peace. I'm starting to believe that maybe governments should lock down the internet because nothing else will stop these kids doing this.

and

2) Doesn't anyone else find it hugely suspicious that there are so many high profile attacks that will in turn work against any good the attackers are trying to achieve? The hackers aren't stupid though, in fact I am led to believe that it's possible each hacker's brain holds more intelligence than entire governments put together, minus an essential helping of social etiquette. My point being that all these hacks are working against what most hackers would want, which is more freedom to have fun. These hacks will push governments faster to lock the internet down ... Wouldn't it be in agencies' benefit to be pulling off these attacks themselves to force the lock-down?

Yeah security was lax and needs to be fixed. A benevolent hack would have been doing it and contacting Sony to tell them they found the vulnerability and maybe telling the world that they are vulnerable after it is fixed or Sony seems reluctant to do anything and leaving it at that.

Anything beyond that isn't even remotely benevolent. It is a criminal prank or just plain criminal (though technically hacking it period is criminal, but you could at least claim you did it for benevolent means if you didn't take it beyond the bounds I mentioned).

LulzSec is also going further and basically saying that users have it coming if their other accounts get accessed if they reuse username and/or password information. Really? You are going to go there? Your criminal action caused people to be exploited means it's their fault and not yours? It's like saying it's the renter's fault that they lost everything if they didn't insure their possessions if you burn the apartment complex down.

Well if you didn't burn the darn thing down, it wouldn't have been a problem (would it have been smarter if they hadn't used the same username and common password, sure, but it isn't their fault that you hacked Sony and then revealed all their information).

I see this whole thing as a protest against companies collecting data, where the companies can't guarantee this data to be stored safely.

The internet is a nice tool for communication and spreading information, but I'd recommend everyone to only use it anonymously and not to give away their information freely. In the past 16 years that I've been actively using the internet on a daily basis, I've never used my CC to pay for something, nor did I ever subscribe to networks (social networks, forums, etc) by using my real name, birthdate or address.
I don't even order anything online, but pick up the phone instead and pay per bill.

So, if all these current hacks make people aware of the fact that their data isn't safe on the internet, then this can only be a good thing.

Originally Posted by Guinevere
Sony shouldn't really have been surprised in the reaction resulting from them going after the hacker community like a pitbull. First they remove other OS and then they go all uber litigious.

First, Geohot releases a hack that needs OtherOS, then Sony removes Other OS functionality to try to stop the hack and finally thousands of Sony customers can't access PS3 online features because some hacker group decided to wreak havoc on Sony's operations.
The way some defend this kind of illegal activity is scary.

+1. The way people defend these guys you'd think they were Robin Hood.

Most of these big companies take your info for no real reason. Then some act responsibly, some don't. The way Sony have been acting over the years is one reason why I actively avoid their products and services.

Originally Posted by leveller
in fact I am led to believe that it's possible each hacker's brain holds more intelligence than entire governments put together

not intelligence.. it's passion

if you like to solve cryptic problems, you can be a hacker.. the thing is no one will tell you anything.. you have to first dive in head first and figure it all out yourself

but most people seem too dumb/lazy and want everything handed to them on a platter or it's not worth their time.. trust me the stuff has nothing to do with intelligence- it's just like audiophiles who build a better box and are always striving for perfect sound

like the people at rapid7 who work on metasploit.. to a layman someone running metasploit without a front end looks like genius.. and really until you actually find an exploit (I found a few in gaming engines back in the day myself) you're just a newbie using the tools put out there and running the latest exploits found by others

it helps to get your ccna as that will give you a better understanding.. as you get better you can pivot through firewalls in more secure networks and even get admin on unpatched windows 7 machines by passing the hash from a compromised machine.. it's not like rocket science though- a lot of it relies on people who don't know what they're doing (patching, bad passwords, social engineering), and occasionally 0-day exploits

there's also attacks that have nothing to do with exploiting the machine itself and can still get you the data you're looking for.. these types of attacks are the most fun imo- as they can be done on anyone even in a secure network by getting access to their wireless ap or access to a computer wired on the network.. scan and target the machine you want to sniff, all passwords pass through your rig unencrypted including ssl

now imagine you're using online banking and fatboy is sitting in your network playing a man in the middle attack.. he has the password to your bank account now and he could be sitting in a car a couple blocks away (if he's set up right) even further is using a dish and biquad or a lot of power through a yagi (my favorite)

now a script kiddie could never pull something like that off but it's possible (through testing I've confirmed all of this, why I can talk about it).. not really about how smart you are- if you don't enjoy doing it, you'll be mediocre at best

Originally Posted by jrs77
I see this whole thing as a protest against companies collecting data, where the companies can't guarantee this data to be stored safely.

The internet is a nice tool for communication and spreading information, but I'd recommend everyone to only use it anonymously and not to give away their information freely. In the past 16 years that I've been actively using the internet on a daily basis, I've never used my CC to pay for something, nor did I ever subscribe to networks (social networks, forums, etc) by using my real name, birthdate or address.
I don't even order anything online, but pick up the phone instead and pay per bill.

So, if all these current hacks make people aware of the fact that their data isn't safe on the internet, then this can only be a good thing.

Privacy first.

If you've paid through EFT (electronic funds transfer), CC or similar, then your financial information is stored by these various companies in a manner that might well be accessible to hackers (IE on a computer that is probably connected to the internet in some manner). About the only thing not paying over the internet has prevented is removing phishing vulnerability and man in the middle attacks. It doesn't stop your private information from being scoured from any company's hacked system that you've dealt with.